If protecting your organization from cyberattack is your responsibility, you probably have heard of the 20 baseline security controls that the Consensus Audit Guidelines (CAG) project defines and recommends.

Speaking at the Gartner Information Security Summit 2009 in London, SANS instructor Stephen Armstrong outlined 15 "quick wins" based on these controls: simple steps you can take to make an immediate difference to your security.

Here are the 20 controls, and Armstrong's quick wins and other advice:

3. Secure Configurations For Hardware and Software on Laptops, Workstations, and Servers

Quick win: Remove games, hyperterminals and the "crapware" that comes bundled with many end-user machines, and unnecessary software on servers. If you need six applications on a machine, then there should be six, not twenty. Ideally, deploy standardized images, and document whenever a non-standardized image is used for any reason.

4. Secure Configurations For Network Devices Such as Firewalls, Routers, and Switches

Quick win: Implement ingress and egress filtering, allowing only those ports and services with a documented business need. Configurations should be documented and checked to ensure they are secure.

5. Boundary Defense

Quick win: Deploy whitelists and blacklists and an IDS, and configure outbound controls. If you have no egress monitoring, you are leaving yourself vulnerable.

6. Maintenance, Monitoring, and Analysis of Security Audit Logs

Quick win: Logs are created for a reason. Make sure they are monitored so you can see what is happening on your network and spot any anomalies or unusual behavior.

7. Application Software Security

Quick win: Use Web application firewalls and application-layer security to protect your applications from SQL injection, cross-site scripting and other attacks.

8. Controlled Use of Administrative Privileges

Quick win: Some IT staff need admin privileges, but not for reading email. Ensure they have different accounts and passwords for admin and non-admin activities. It's also important to ensure that all devices have usernames and passwords changed from their defaults.

9. Controlled Access Based on Need to Know

Quick win: Make sure you know which data needs protecting, where it is, and who needs access to it, and ensure controls are in place to restrict access to authorized users.

10. Continuous Vulnerability Assessment and Remediation

Quick win: One way to do this is to use a vulnerability scanner like Nessus. It needs to be updated and run often, because a mild vulnerability one day can become a critical vulnerability the next.

11. Account Monitoring and Control

Quick win: Disable any accounts that can't be associated with current staff or contractors, and create a procedure for disabling accounts when users leave. It's also useful to generate regular reports on accounts that are not used regularly and on attempts to access disabled accounts.
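The monitoring that controls 6 and 11 call for (watching logs for anomalies, and reporting on idle accounts and on attempts against disabled ones) can be done with a short script over the authentication log. The following is an added example, not code from the article or from the CAG project: the log lines, the account inventory, the year assumed for the syslog timestamps and the thresholds are all constructed for illustration, and the line format follows OpenSSH's syslog messages as an assumption rather than a captured sample.

```python
"""Spot anomalies in authentication logs and report account hygiene.

Added example, not from the article. The log lines, the account
inventory and the thresholds are constructed; the line format is
assumed to follow OpenSSH's syslog messages.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_YEAR = 2009  # syslog lines carry no year; assumed for the sample

# Constructed sample log (control 6: the logs exist, so read them).
LOG_LINES = """\
Mar 12 08:01:10 vpn01 sshd[4123]: Accepted publickey for alice from 10.0.5.12 port 51022 ssh2
Mar 12 08:02:45 vpn01 sshd[4130]: Failed password for bob from 203.0.113.7 port 40011 ssh2
Mar 12 08:02:46 vpn01 sshd[4131]: Failed password for bob from 203.0.113.7 port 40012 ssh2
Mar 12 08:02:47 vpn01 sshd[4132]: Failed password for bob from 203.0.113.7 port 40013 ssh2
Mar 12 08:02:48 vpn01 sshd[4133]: Failed password for invalid user admin from 203.0.113.7 port 40014 ssh2
Mar 12 08:02:49 vpn01 sshd[4134]: Failed password for invalid user root from 203.0.113.7 port 40015 ssh2
Mar 12 08:10:02 vpn01 sshd[4140]: Failed password for jsmith from 10.0.5.40 port 51100 ssh2
Mar 12 08:10:30 vpn01 sshd[4141]: Failed password for jsmith from 10.0.5.40 port 51101 ssh2
Mar 12 09:15:00 vpn01 sshd[4150]: Accepted password for carol from 10.0.5.77 port 51200 ssh2
"""

# Constructed account inventory (control 11): status and last successful login.
ACCOUNTS = {
    "alice": {"status": "active", "last_login": datetime(2009, 3, 12, 8, 1)},
    "bob": {"status": "active", "last_login": datetime(2009, 3, 11, 17, 0)},
    "carol": {"status": "active", "last_login": datetime(2009, 3, 12, 9, 15)},
    "jsmith": {"status": "disabled", "last_login": datetime(2009, 1, 30, 9, 0)},
    "dave": {"status": "active", "last_login": datetime(2008, 11, 2, 10, 0)},
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_events(text: str) -> list:
    """Turn raw syslog lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "ok": m["result"] == "Accepted",
                       "user": m["user"], "src": m["src"]})
    return events


def failed_login_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Sources with at least `threshold` failures inside one sliding window."""
    by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_src[e["src"]].append(e["ts"])
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts[src] = end - start + 1
    return bursts


def disabled_account_attempts(events, accounts):
    """Any login attempt, successful or not, against an account marked disabled."""
    return [(e["user"], e["src"], e["ts"]) for e in events
            if accounts.get(e["user"], {}).get("status") == "disabled"]


def stale_accounts(accounts, now, max_idle=timedelta(days=90)):
    """Active accounts with no successful login within `max_idle`."""
    return sorted(u for u, a in accounts.items()
                  if a["status"] == "active" and now - a["last_login"] > max_idle)


if __name__ == "__main__":
    evts = parse_events(LOG_LINES)
    print("failed-login bursts:", failed_login_bursts(evts))
    print("attempts on disabled accounts:", disabled_account_attempts(evts, ACCOUNTS))
    print("stale accounts:", stale_accounts(ACCOUNTS, datetime(2009, 3, 12, 12, 0)))
```

On the sample data the script reports one source with a burst of five failures in a few seconds, two attempts against the disabled `jsmith` account, and `dave` as an active account unused for more than 90 days. The sliding window rather than a fixed per-minute bucket is deliberate: a burst that straddles a minute boundary would otherwise be split and missed.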

12. Malware Defenses

Quick win: Ensure anti-malware software is running on all systems, and make sure you have a process in place so that every system is updated regularly. Another quick-win measure you can take is disabling autorun for removable storage devices.

13. Limitation and Control of Network Ports, Protocols, and Services

Quick win: Make sure your routers can only be accessed internally, and that firewalls or filters drop all traffic except for services and ports that are explicitly allowed.
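Controls 4 and 13 both come down to the same check: every port the filter accepts must trace back to a documented business need, and everything else must be dropped by default. The script below is an added example (not code from the article or the CAG project) that audits a ruleset against such a register. Both the iptables-save-style rule text and the business-need register are constructed for illustration; a real audit would read the firewall's own export.

```python
"""Audit a packet-filter ruleset against a documented allow list.

Added example, not from the article. The rule text and the
business-need register are constructed illustrations.
"""
import re

# Constructed business-need register: (direction, protocol, port) -> justification.
# Every port the filter accepts must appear here with an owner.
ALLOW_LIST = {
    ("in", "tcp", 443): "public web tier - owner: web team",
    ("in", "tcp", 22): "admin SSH from management VLAN - owner: infra",
    ("out", "udp", 53): "DNS to corporate resolvers - owner: infra",
    ("out", "tcp", 443): "HTTPS egress via proxy - owner: infra",
}

# Constructed ruleset in an iptables-save-like syntax.
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.50.0/24 -j ACCEPT
-A INPUT -p tcp --dport 23 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp --dport 25 -j ACCEPT
COMMIT
"""

RULE_RE = re.compile(
    r"^-A (?P<chain>INPUT|OUTPUT) -p (?P<proto>tcp|udp) --dport (?P<port>\d+)"
    r"(?: -s (?P<src>\S+))? -j ACCEPT$"
)
POLICY_RE = re.compile(r"^:(?P<chain>INPUT|OUTPUT|FORWARD) (?P<policy>ACCEPT|DROP)")


def audit_ruleset(ruleset: str, allow_list: dict) -> dict:
    """Return documented rules, undocumented ACCEPT rules and chains not defaulting to DROP."""
    findings = {"documented": [], "undocumented": [], "open_policy": []}
    for line in ruleset.splitlines():
        policy = POLICY_RE.match(line)
        if policy:
            # Control 13: anything not explicitly allowed must be dropped,
            # so a chain whose default policy is not DROP is a finding.
            if policy["policy"] != "DROP":
                findings["open_policy"].append(policy["chain"])
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue
        direction = "in" if rule["chain"] == "INPUT" else "out"
        key = (direction, rule["proto"], int(rule["port"]))
        if key in allow_list:
            findings["documented"].append(key)
        else:
            findings["undocumented"].append((key, line))
    return findings


def report(findings: dict) -> list:
    """Human-readable lines for the two kinds of finding that need action."""
    lines = [f"chain {c} default policy is not DROP" for c in findings["open_policy"]]
    lines += [f"no documented need for {d}/{p} port {n}: {rule}"
              for (d, p, n), rule in findings["undocumented"]]
    return lines


if __name__ == "__main__":
    for msg in report(audit_ruleset(RULESET, ALLOW_LIST)):
        print(msg)
```

Run against the sample, the audit flags the inbound telnet rule and the outbound SMTP rule as having no documented need, and flags the OUTPUT chain because it accepts by default, which is the missing egress filtering the article warns about.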

14. Wireless Device Control

Quick win: Scan for rogue access points on your network regularly. Using centrally managed enterprise-class devices with an authorized configuration and security profile is also important.
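A regular rogue-access-point scan is only useful if its output is compared against the inventory of centrally managed devices and their authorized profile. The following is an added example, not code from the article or the CAG project; the scan results and the authorized inventory are constructed, and a real scan would come from the wireless controller or a site-survey tool.

```python
"""Compare a wireless site scan against the authorized AP inventory.

Added example, not from the article. Scan results and inventory are
constructed illustrations.
"""

# Constructed inventory: centrally managed APs and their approved profile.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": {"ssid": "CorpNet", "security": "WPA2-Enterprise", "channel": 1},
    "00:11:22:33:44:02": {"ssid": "CorpNet", "security": "WPA2-Enterprise", "channel": 6},
    "00:11:22:33:44:03": {"ssid": "CorpGuest", "security": "WPA2-PSK", "channel": 11},
}

# Constructed scan output: what was actually seen on the air, with signal strength.
SCAN_RESULTS = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet", "security": "WPA2-Enterprise", "channel": 1, "rssi": -45},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet", "security": "WPA2-PSK", "channel": 6, "rssi": -50},
    {"bssid": "00:11:22:33:44:03", "ssid": "CorpGuest", "security": "WPA2-PSK", "channel": 11, "rssi": -60},
    {"bssid": "AA:BB:CC:DD:EE:FF", "ssid": "CorpNet", "security": "Open", "channel": 1, "rssi": -40},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "linksys", "security": "WEP", "channel": 6, "rssi": -75},
]


def classify_scan(scan: list, authorized: dict) -> dict:
    """Sort each observed AP into ok / profile_drift / spoofed_ssid / rogue."""
    known_ssids = {ap["ssid"] for ap in authorized.values()}
    findings = {"ok": [], "profile_drift": [], "spoofed_ssid": [], "rogue": []}
    for ap in scan:
        bssid = ap["bssid"].lower()  # normalise case so inventory lookups match
        expected = authorized.get(bssid)
        if expected is None:
            # Unknown radio. One advertising our SSID is impersonating the corporate
            # network; any other is simply unauthorized. Keep RSSI so the strongest
            # (most likely on-premises) units are investigated first.
            bucket = "spoofed_ssid" if ap["ssid"] in known_ssids else "rogue"
            findings[bucket].append((bssid, ap["rssi"]))
            continue
        # Managed AP: confirm it still matches its authorized security profile.
        drift = {k: (expected[k], ap[k]) for k in ("ssid", "security", "channel")
                 if expected[k] != ap[k]}
        if drift:
            findings["profile_drift"].append((bssid, drift))
        else:
            findings["ok"].append(bssid)
    for bucket in ("spoofed_ssid", "rogue"):
        findings[bucket].sort(key=lambda item: item[1], reverse=True)
    return findings


if __name__ == "__main__":
    for bucket, items in classify_scan(SCAN_RESULTS, AUTHORIZED_APS).items():
        print(f"{bucket}: {items}")
```

On the sample scan, one managed AP has drifted from WPA2-Enterprise to WPA2-PSK, an unknown radio is broadcasting the corporate SSID as an open network, and a consumer AP is running WEP. Checking managed APs against their profile, not just looking for unknown BSSIDs, is what catches the first case.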